WWAN-WLAN aggregation security

ABSTRACT

One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PMKID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it is determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.

CLAIM OF PRIORITY

The present application for patent claims priority to, and is a divisional patent application of, U.S. Utility patent application Ser. No. 16/843,592, filed Apr. 8, 2020 (now allowed), which claims priority to, and is a divisional patent application of, U.S. Utility patent application Ser. No. 15/281,646, filed Sep. 30, 2016 (now U.S. Utility Patent No. 10,623,951, issued Apr. 14, 2020), which claims priority to and the benefit of U.S. Provisional Patent Application No. 62/305,770, filed Mar. 9, 2016, all entitled “WWAN-WLAN AGGREGATION SECURITY,” the entire disclosures of which are hereby expressly incorporated by reference.

BACKGROUND

Field

Various aspects of the present disclosure relate to wireless communications and, more particularly, to methods, apparatuses, and systems for providing security to communications components employing wireless wide area network (WWAN) wireless local area network (WLAN) aggregation.

Background

In recent years, usage of mobile device data has been growing at an exponential rate by almost doubling every year. Although advances in cellular technology have increased the performance and capacity of cellular networks, it is predicted that this alone will not be enough to meet the demand for mobile data. Using unlicensed spectrum provides an excellent opportunity for cellular operators to help their subscribers by increasing network data capacity.

The traditional method for data offloading to unlicensed spectrum by cellular operators has been to use 802.1X-based WLAN networks. These networks may be deployed by cellular operators themselves or by others. In order to provide an architectural framework and standardization for WLAN offloading, standardization bodies have developed several solutions that enable interworking with WLAN and provide data offloading through switching of data bearers to WLAN.

One option for WWAN (e.g., long term evolution (LTE) networks) and WLAN interworking is data aggregation at the radio access network (RAN). Such data aggregation, which may be referred to herein as LTE-WLAN aggregation or LWA, involves an Evolved NodeB (eNB) scheduling packets to be served on LTE and WLAN (e.g., Wi-Fi®) radio links.

One advantage of such a method is that it may provide better utilization/control of resources on both the LTE and WLAN links. This can increase the aggregate throughput for all devices/users and improve the total system capacity by better managing the radio resources among devices/users. Scheduling decisions for each link can be made at a packet level based on real-time channel conditions and system resource availability. Furthermore, data aggregation at the RAN can be implemented without any changes to the core network since the WLAN radio link effectively becomes part of the Enhanced Universal Terrestrial Radio Access Network (E-UTRAN).

Along with the aforementioned advantages of LWA come new concerns over data security. Care must be taken to secure data that is now transmitted over both WWAN and WLAN links. There is a need for methods, apparatuses, and systems that secure communications between user devices and WWAN and WLAN network components in such LWA systems.

SUMMARY

One feature provides a method for secure wireless communication at an apparatus associated with a network, the method comprising receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network (WWAN) node, using the cryptographic key as a pairwise master key (PMK), generating a PMK identifier (PMKID) based on the PMK, storing the PMK and the PMKID, initializing a PMK security association (PMKSA) by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus, receiving an association request that includes a PMKID from the user equipment, determining that the PMKID received from the user equipment matches the PMKID stored, and initiating a key exchange with the user equipment based on the PMK to establish a wireless local area network (WLAN) security association with the user equipment. According to one aspect, the method further comprises transmitting a security association confirmation message to the WWAN node indicating that the WLAN security association has been established with the user equipment after successful key exchange with the user equipment. According to another aspect, the user equipment identifier is a media access control (MAC) address of the user equipment and the access point identifier is a MAC address of the access point.

According to one aspect, initializing the PMKSA further includes associating the PMK with a lifetime value of the PMK and an adaptive key management protocol. According to another aspect, the PMKID is generated based on an equation PMKID=Truncate-128(HMAC-SHA-256(PMK, STRING_0 ∥ access point identifier ∥ user equipment identifier)), where STRING_0 is a string. According to yet another aspect, the cryptographic key and the user equipment identifier are received from the WWAN node at a wireless termination point (WTP) of the apparatus. According to another aspect, generating the PMKID, storing the PMK and the PMKID, initializing the PMKSA, and determining that the PMKID received from the user equipment matches the PMKID stored are performed at the access point of the apparatus.
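The PMKID derivation and PMKSA lookup described above, worked through in Python as an added example; this is not code from the patent. The same `derive_pmkid` function also serves the device-side derivation described later in the summary, where the UE computes the PMKID it places in its association request. Assumptions: STRING_0 is given a constructed value because the page names it without specifying it; identifiers are MAC addresses as the "another aspect" states; the `AccessPoint` class, its cache and the lifetime and key-management fields of `PMKSA` are an illustrative structure for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# The page names STRING_0 but gives no value; this label is constructed for the example.
STRING_0 = b"LWA-PMKID"


def mac_bytes(mac: str) -> bytes:
    """'02:00:00:00:00:01' -> 6 raw bytes (identifiers here are MAC addresses)."""
    return bytes.fromhex(mac.replace(":", ""))


def derive_pmkid(pmk: bytes, ap_id: bytes, ue_id: bytes) -> bytes:
    """PMKID = Truncate-128(HMAC-SHA-256(PMK, STRING_0 || AP identifier || UE identifier))."""
    tag = hmac.new(pmk, STRING_0 + ap_id + ue_id, hashlib.sha256).digest()
    return tag[:16]  # Truncate-128 keeps the leading 128 bits


@dataclass
class PMKSA:
    """PMK security association as the summary describes it: PMK, PMKID and AP
    identifier, plus the lifetime and key-management protocol fields."""
    pmk: bytes
    pmkid: bytes
    ap_id: bytes
    ue_id: bytes
    lifetime_s: int
    akmp: str


class AccessPoint:
    """Network side (the access point of the apparatus). Hypothetical class."""

    def __init__(self, ap_mac: str):
        self.ap_id = mac_bytes(ap_mac)
        self.pmksa_cache = {}  # PMKID -> PMKSA

    def on_key_from_wwan(self, ue_mac: str, key: bytes, lifetime_s: int = 3600) -> bytes:
        """Key and UE identifier arrive from the WWAN node (via the WTP). The key is
        used directly as PMK and a PMKSA is initialized before the UE associates."""
        ue_id = mac_bytes(ue_mac)
        pmkid = derive_pmkid(key, self.ap_id, ue_id)
        self.pmksa_cache[pmkid] = PMKSA(key, pmkid, self.ap_id, ue_id, lifetime_s, "LWA-WWAN-key")
        return pmkid

    def on_association_request(self, ue_mac: str, pmkid: bytes) -> Optional[bytes]:
        """Return the PMK that drives the key exchange when the UE's PMKID matches a
        stored PMKSA for that UE. None means no PMKSA: the AP falls back to EAP."""
        sa = self.pmksa_cache.get(pmkid)
        if sa is None or sa.ue_id != mac_bytes(ue_mac):
            return None
        return sa.pmk


def ue_pmkid(key: bytes, ue_mac: str, ap_mac: str) -> bytes:
    """Device side: the UE uses the same WWAN-derived key as PMK and computes the
    PMKID it will carry in its association request."""
    return derive_pmkid(key, mac_bytes(ap_mac), mac_bytes(ue_mac))


if __name__ == "__main__":
    key = bytes(range(32))  # constructed 256-bit key standing in for the WWAN context key
    ap = AccessPoint("02:00:00:00:00:aa")
    stored = ap.on_key_from_wwan("02:00:00:00:00:01", key)
    requested = ue_pmkid(key, "02:00:00:00:00:01", "02:00:00:00:00:aa")
    print("PMKIDs match:", stored == requested)
    print("PMK available for key exchange:",
          ap.on_association_request("02:00:00:00:00:01", requested) == key)
```

Binding both MAC addresses into the PMKID means a PMKID computed for one access point is useless at another, and the UE-identifier check in `on_association_request` keeps a cached PMKSA from being claimed by a station other than the one the WWAN node named.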

Another feature provides an apparatus comprising a memory circuit, a communication interface adapted to communicate with a wireless wide area network (WWAN) node and a user equipment, and a processing circuit communicatively coupled to the memory circuit and the communication interface, the processing circuit adapted to receive a user equipment identifier identifying the user equipment and a cryptographic key from the WWAN node, use the cryptographic key as a pairwise master key (PMK), generate a PMK identifier (PMKID) based on the PMK, store the PMK and the PMKID at the memory circuit, initialize a PMK security association (PMKSA) by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus, receive an association request that includes a PMKID from the user equipment, determine that the PMKID received from the user equipment matches the PMKID stored at the memory circuit, and initiate a key exchange with the user equipment based on the PMK to establish a wireless local area network (WLAN) security association with the user equipment. According to one aspect, the processing circuit is further adapted to transmit a security association confirmation message to the WWAN node indicating that the WLAN security association has been established with the user equipment after successful key exchange with the user equipment. According to one aspect, generating the PMKID, storing the PMK and the PMKID, initializing the PMKSA, and determining that the PMKID received from the user equipment matches the PMKID stored at the memory circuit are performed at a processing circuit of the access point.

Another feature provides an apparatus comprising means for receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network (WWAN) node, means for using the cryptographic key as a pairwise master key (PMK), means for generating a PMK identifier (PMKID) based on the PMK, means for storing the PMK and the PMKID, means for initializing a PMK security association (PMKSA) by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus, means for receiving an association request that includes a PMKID from the user equipment, means for determining that the PMKID received from the user equipment matches the PMKID stored, and means for initiating a key exchange with the user equipment based on the PMK to establish a wireless local area network (WLAN) security association with the user equipment.

Another feature provides a non-transitory computer-readable storage medium having instructions stored thereon for secure wireless communication by an apparatus associated with a network, the instructions, which when executed by at least one processor, cause the processor to receive a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network (WWAN) node, use the cryptographic key as a pairwise master key (PMK), generate a PMK identifier (PMKID) based on the PMK, store the PMK and the PMKID, initialize a PMK security association (PMKSA) by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus, receive an association request that includes a PMKID from the user equipment, determine that the PMKID received from the user equipment matches the PMKID stored, and initiate a key exchange with the user equipment based on the PMK to establish a wireless local area network (WLAN) security association with the user equipment.

Another feature provides a method for secure wireless communication at an apparatus associated with a network, the method comprising receiving a wireless local area network (WLAN) termination point addition request from a wireless wide area network (WWAN) node, the WLAN termination point addition request including a cryptographic key and a user equipment identifier identifying a user equipment, generating a network-generated first identifier based on the user equipment identifier and the cryptographic key received from the WWAN node, storing the network-generated first identifier at the apparatus and associating the network-generated first identifier with the cryptographic key, receiving an extensible authentication protocol (EAP) identity response from an access point associated with the network, the EAP identity response including a user equipment-generated first identifier, determining that the user equipment-generated first identifier corresponds to the stored network-generated first identifier, generating a master session key (MSK), and transmitting an EAP success message and the MSK to the access point. According to one aspect, the network-generated first identifier and the user equipment-generated first identifier are equal to SHA-256(cryptographic key, user equipment identifier, STRING_0), where STRING_0 is an input string value. According to another aspect, the EAP identity response includes a realm value that identifies the apparatus receiving the user equipment-generated first identifier, the realm value further identifying a serving network identity of the WWAN node.

According to one aspect, the method further comprises transmitting a security association confirmation message to the WWAN node indicating that a WLAN security association has been established with the user equipment. According to another aspect, the method further comprises transmitting an EAP challenge message to the access point, the EAP challenge message destined for the user equipment and including a first random value, receiving an EAP challenge response message from the access point, the EAP challenge response message originating at the user equipment and including a second random value and an authentication value, verifying the EAP challenge response message using the authentication value, the first random value, and the second random value, and generating the MSK after verifying the EAP challenge response message. According to yet another aspect, verifying the EAP challenge response message includes generating an AUTHRES value at the apparatus equal to SHA-256(cryptographic key, first random value, second random value, STRING_1), where STRING_1 is an input string value, and determining that the AUTHRES value matches the authentication value received.

According to one aspect, the MSK equals SHA-256(cryptographic key, first random value, second random value, STRING_2), where STRING_2 is an input string value. According to another aspect, the EAP challenge message transmitted to the access point is transmitted according to an authentication, authorization, and accounting (AAA) scheme, and the EAP challenge response message is received from the access point according to the authentication, authorization, and accounting (AAA) scheme.
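The WTP-side exchange laid out in the preceding three paragraphs (network-generated first identifier, EAP challenge with two random values, AUTHRES verification, MSK), together with the device side of the same exchange that the summary describes later, driven end to end in Python as an added example; this is not the patent's code. Assumptions: SHA-256 over a comma-separated list is taken to mean SHA-256 of the concatenated inputs; STRING_0, STRING_1 and STRING_2 are given constructed values; both random values are 128 bits as a later aspect states; the EAP identity is carried as the hex first identifier with an @realm suffix; and the access point derives the PMK as the first 256 bits of the MSK, which for a SHA-256 MSK is the whole value. The `UE`, `WTP` and `run_exchange` names are the example's own.

```python
import hashlib
import hmac
import os

# Constructed label strings: the page names STRING_0/1/2 but gives no values.
STRING_0 = b"LWA-EAP-ID"       # first identifier derivation
STRING_1 = b"LWA-EAP-AUTHRES"  # challenge response authentication value
STRING_2 = b"LWA-EAP-MSK"      # master session key


def h(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of its inputs. The page writes
    SHA-256(a, b, c); concatenation is the assumed meaning of the comma list."""
    return hashlib.sha256(b"".join(parts)).digest()


class UE:
    """Device side: holds the key taken from the WWAN security context."""

    def __init__(self, key: bytes, ue_id: bytes):
        self.key, self.ue_id = key, ue_id
        self.rand1 = self.rand2 = None

    def eap_identity_response(self, realm: bytes) -> bytes:
        # UE-generated first identifier, sent as hex user part plus realm naming the WTP
        first_id = h(self.key, self.ue_id, STRING_0)
        return first_id.hex().encode() + b"@" + realm

    def eap_challenge_response(self, rand1: bytes):
        self.rand1, self.rand2 = rand1, os.urandom(16)  # 128-bit second random value
        authres = h(self.key, rand1, self.rand2, STRING_1)
        return self.rand2, authres

    def msk(self) -> bytes:
        return h(self.key, self.rand1, self.rand2, STRING_2)


class WTP:
    """WLAN termination point: the network side of the exchange."""

    def __init__(self):
        self.keys = {}        # network-generated first identifier -> cryptographic key
        self.challenges = {}  # first identifier -> first random value issued

    def on_wt_addition_request(self, key: bytes, ue_id: bytes) -> bytes:
        first_id = h(key, ue_id, STRING_0)   # network-generated first identifier
        self.keys[first_id] = key
        return first_id

    def on_eap_identity_response(self, identity: bytes):
        user, _, _realm = identity.partition(b"@")
        try:
            first_id = bytes.fromhex(user.decode())
        except ValueError:
            return None
        if first_id not in self.keys:
            return None                       # no matching identifier: EAP failure
        rand1 = os.urandom(16)                # 128-bit first random value
        self.challenges[first_id] = rand1
        return first_id, rand1                # EAP challenge, relayed by the AP

    def on_eap_challenge_response(self, first_id: bytes, rand2: bytes, authres: bytes):
        key = self.keys.get(first_id)
        rand1 = self.challenges.pop(first_id, None)   # each challenge is answered once
        if key is None or rand1 is None:
            return None
        expected = h(key, rand1, rand2, STRING_1)     # AUTHRES computed at the WTP
        if not hmac.compare_digest(expected, authres):
            return None                       # mismatch: EAP failure, no MSK
        return h(key, rand1, rand2, STRING_2)  # MSK, sent to the AP with EAP success


def ap_pmk_from_msk(msk: bytes) -> bytes:
    # The AP derives the PMK from the MSK; assumed here to be the first 256 bits.
    return msk[:32]


def run_exchange(ue_key: bytes, network_key: bytes,
                 ue_id: bytes = b"\x02\x00\x00\x00\x00\x01", tamper: bool = False):
    """Drive UE <-> AP <-> WTP. Returns the PMK the AP would use, or None on failure."""
    wtp, ue = WTP(), UE(ue_key, ue_id)
    wtp.on_wt_addition_request(network_key, ue_id)   # eNB -> WTP: key and UE identifier
    challenge = wtp.on_eap_identity_response(ue.eap_identity_response(b"wtp.example"))
    if challenge is None:
        return None
    first_id, rand1 = challenge
    rand2, authres = ue.eap_challenge_response(rand1)
    if tamper:
        authres = bytes(b ^ 1 for b in authres)       # corrupt the authentication value
    msk = wtp.on_eap_challenge_response(first_id, rand2, authres)
    if msk is None:
        return None
    assert msk == ue.msk()                            # both ends now hold the same MSK
    return ap_pmk_from_msk(msk)
```

`run_exchange(k, k)` succeeds only when the UE and the WTP hold the same key: a UE with a different key produces a first identifier the WTP has never stored, so it is refused at the identity step, and a corrupted AUTHRES fails the constant-time comparison before any MSK is produced.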

Another feature provides an apparatus comprising a memory circuit, a communication interface adapted to communicate with a wireless wide area network (WWAN) node and an access point, and a processing circuit communicatively coupled to the memory circuit and the communication interface, the processing circuit adapted to receive a wireless local area network (WLAN) termination point addition request from the WWAN node, the WLAN termination point addition request including a cryptographic key and a user equipment identifier identifying a user equipment, generate a network-generated first identifier based on the user equipment identifier and the cryptographic key received from the WWAN node, store the network-generated first identifier at the memory circuit and associate the network-generated first identifier with the cryptographic key, receive an extensible authentication protocol (EAP) identity response from the access point, the EAP identity response including a user equipment-generated first identifier, determine that the user equipment-generated first identifier corresponds to the stored network-generated first identifier, generate a master session key (MSK), and transmit an EAP success message and the MSK to the access point. According to one aspect, the processing circuit is further adapted to transmit an EAP challenge message to the access point, the EAP challenge message destined for the user equipment and including a first random value, receive an EAP challenge response message from the access point, the EAP challenge response message originating at the user equipment and including a second random value and an authentication value, verify the EAP challenge response message using the authentication value, the first random value, and the second random value, and generate the MSK after verifying the EAP challenge response message.

According to one aspect, the processing circuit adapted to verify the EAP challenge response message includes the processing circuit adapted to generate an AUTHRES value at the apparatus equal to SHA-256(cryptographic key, first random value, second random value, STRING_1), where STRING_1 is an input string value and the first random value and the second random value are 128-bit values, and determine that the AUTHRES value matches the authentication value received.

Another feature provides an apparatus comprising means for receiving a wireless local area network (WLAN) termination point addition request from a wireless wide area network (WWAN) node, the WLAN termination point addition request including a cryptographic key and a user equipment identifier identifying a user equipment, means for generating a network-generated first identifier based on the user equipment identifier and the cryptographic key received from the WWAN node, means for storing the network-generated first identifier at the apparatus and associating the network-generated first identifier with the cryptographic key, means for receiving an extensible authentication protocol (EAP) identity response from an access point, the EAP identity response including a user equipment-generated first identifier, means for determining that the user equipment-generated first identifier corresponds to the stored network-generated first identifier, means for generating a master session key (MSK), and means for transmitting an EAP success message and the MSK to the access point. According to one aspect, the apparatus further comprises means for transmitting an EAP challenge message to the access point, the EAP challenge message destined for the user equipment and including a first random value, means for receiving an EAP challenge response message from the access point, the EAP challenge response message originating at the user equipment and including a second random value and an authentication value, means for verifying the EAP challenge response message using the authentication value, the first random value, and the second random value, and means for generating the MSK after verifying the EAP challenge response message.

Another feature provides a non-transitory computer-readable storage medium having instructions stored thereon for secure wireless communication by an apparatus associated with a network, the instructions, which when executed by at least one processor, cause the processor to receive a wireless local area network (WLAN) termination point addition request from a wireless wide area network (WWAN) node, the WLAN termination point addition request including a cryptographic key and a user equipment identifier identifying a user equipment, generate a network-generated first identifier based on the user equipment identifier and the cryptographic key received from the WWAN node, store the network-generated first identifier at the apparatus and associate the network-generated first identifier with the cryptographic key, receive an extensible authentication protocol (EAP) identity response from an access point associated with the network, the EAP identity response including a user equipment-generated first identifier, determine that the user equipment-generated first identifier corresponds to the stored network-generated first identifier, generate a master session key (MSK), and transmit an EAP success message and the MSK to the access point. According to one aspect, the instructions when executed by the processor further cause the processor to transmit an EAP challenge message to the access point, the EAP challenge message destined for the user equipment and including a first random value, receive an EAP challenge response message from the access point, the EAP challenge response message originating at the user equipment and including a second random value and an authentication value, verify the EAP challenge response message using the authentication value, the first random value, and the second random value, and generate the MSK after verifying the EAP challenge response message.

Another feature provides a method for secure wireless communication at an apparatus associated with a network, the method comprising receiving an association request from a user equipment that includes a pairwise master key identifier (PMKID), determining that no corresponding pairwise master key security association (PMKSA) associated with the PMKID is stored at the network, transmitting an extensible authentication protocol (EAP) identity request to the user equipment, receiving an EAP identity response that includes a user equipment-generated first identifier from the user equipment, transmitting the user equipment-generated first identifier to a wireless local area network (WLAN) termination point associated with the network, receiving a master session key (MSK) from the WLAN termination point, deriving a pairwise master key (PMK) from the MSK, and initiating a key exchange with the user equipment based on the PMK to establish a WLAN security association with the user equipment. According to one aspect, after transmitting the user equipment-generated first identifier to the WLAN termination point, the method further comprises receiving an EAP challenge message from the WLAN termination point that includes a first random value, transmitting the EAP challenge message to the user equipment, receiving an EAP challenge response message from the user equipment that includes a second random value and an authentication value, and transmitting the EAP challenge response message to the WLAN termination point.

Another feature provides an apparatus comprising a memory circuit, a communication interface adapted to communicate with a user equipment and a wireless local area network (WLAN) termination point, and a processing circuit communicatively coupled to the memory circuit and the communication interface, the processing circuit adapted to receive an association request from the user equipment that includes a pairwise master key identifier (PMKID), determine that no corresponding pairwise master key security association (PMKSA) associated with the PMKID is stored at the memory circuit, transmit an extensible authentication protocol (EAP) identity request to the user equipment, receive an EAP identity response that includes a user equipment-generated first identifier from the user equipment, transmit the user equipment-generated first identifier to the WLAN termination point, receive a master session key (MSK) from the WLAN termination point, derive a pairwise master key (PMK) from the MSK, and initiate a key exchange with the user equipment based on the PMK to establish a WLAN security association with the user equipment. According to one aspect, after the processing circuit transmits the user equipment-generated first identifier to the WLAN termination point, the processing circuit is further adapted to receive an EAP challenge message from the WLAN termination point that includes a first random value, transmit the EAP challenge message to the user equipment, receive an EAP challenge response message from the user equipment that includes a second random value and an authentication value, and transmit the EAP challenge response message to the WLAN termination point.

Another feature provides an apparatus comprising means for receiving an association request from a user equipment that includes a pairwise master key identifier (PMKID), means for determining that no corresponding pairwise master key security association (PMKSA) associated with the PMKID is stored at the apparatus, means for transmitting an extensible authentication protocol (EAP) identity request to the user equipment, means for receiving an EAP identity response that includes a user equipment-generated first identifier from the user equipment, means for transmitting the user equipment-generated first identifier to a wireless local area network (WLAN) termination point, means for receiving a master session key (MSK) from the WLAN termination point, means for deriving a pairwise master key (PMK) from the MSK, and means for initiating a key exchange with the user equipment based on the PMK to establish a WLAN security association with the user equipment. According to one aspect, the apparatus further comprises means for receiving an EAP challenge message from the WLAN termination point that includes a first random value after the user equipment-generated first identifier is transmitted to the WLAN termination point, means for transmitting the EAP challenge message to the user equipment, means for receiving an EAP challenge response message from the user equipment that includes a second random value and an authentication value, and means for transmitting the EAP challenge response message to the WLAN termination point.

Another feature provides a non-transitory computer-readable storage medium having instructions stored thereon for secure wireless communication by an apparatus associated with a network, the instructions, which when executed by at least one processor, cause the processor to receive an association request from a user equipment that includes a pairwise master key identifier (PMKID), determine that no corresponding pairwise master key security association (PMKSA) associated with the PMKID is stored at the network, transmit an extensible authentication protocol (EAP) identity request to the user equipment, receive an EAP identity response that includes a user equipment-generated first identifier from the user equipment, transmit the user equipment-generated first identifier to a wireless local area network (WLAN) termination point associated with the network, receive a master session key (MSK) from the WLAN termination point, derive a pairwise master key (PMK) from the MSK, and initiate a key exchange with the user equipment based on the PMK to establish a WLAN security association with the user equipment. According to one aspect, the instructions when executed by the processor further cause the processor to receive an EAP challenge message from the WLAN termination point that includes a first random value after the user equipment-generated first identifier is transmitted to the WLAN termination point, transmit the EAP challenge message to the user equipment, receive an EAP challenge response message from the user equipment that includes a second random value and an authentication value, and transmit the EAP challenge response message to the WLAN termination point.

Another feature provides a method for secure wireless communications by a device, the method comprising obtaining a cryptographic key from a wireless wide area network (WWAN) security context, utilizing the cryptographic key as a pairwise master key (PMK) for a security association with an access point (AP) of a wireless local area network (WLAN), generating a PMK identifier (PMKID) based on the PMK, a device identifier identifying the device, and an access point identifier identifying the access point, transmitting an association request including the PMKID to the access point, and initiating a key exchange with the access point based on the PMK to establish a WLAN security association with the access point. According to one aspect, the device identifier is a media access control (MAC) address of the device and the access point identifier is a MAC address of the access point. According to another aspect, the PMKID is generated based on an equation PMKID=Truncate-128(HMAC-SHA-256(PMK, STRING_0 ∥ access point identifier ∥ device identifier)), where STRING_0 is an input string.

According to one aspect, prior to initiating the key exchange with the access point, the method further comprises receiving an association response from the AP indicating that a PMK security association (PMKSA) associated with the PMKID could not be found, receiving an EAP identity request from the AP, transmitting an EAP identity response in response to the EAP identity request, the EAP identity response including a device-generated first identifier based on the cryptographic key and the device identifier, receiving an EAP challenge message from the AP that includes a first random value, generating a second random value and an authentication value, the authentication value based on the cryptographic key, the first random value, and the second random value, and transmitting an EAP challenge response message to the AP that includes the authentication value and the second random value.

Another feature provides a device for secure wireless communication comprising a wireless communication interface and a processing circuit communicatively coupled to the wireless communication interface, the processing circuit adapted to obtain a cryptographic key from a wireless wide area network (WWAN) security context, utilize the cryptographic key as a pairwise master key (PMK) for a security association with an access point (AP) of a wireless local area network (WLAN), generate a PMK identifier (PMKID) based on the PMK, a device identifier identifying the device, and an access point identifier identifying the access point, transmit an association request including the PMKID to the access point, and initiate a key exchange with the access point based on the PMK to establish a WLAN security association with the access point. According to one aspect, prior to initiating the key exchange with the access point, the processing circuit is further adapted to receive an association response from the AP indicating that a PMK security association (PMKSA) associated with the PMKID could not be found, receive an EAP identity request from the AP, transmit an EAP identity response in response to the EAP identity request, the EAP identity response including a device-generated first identifier based on the cryptographic key and the device identifier, receive an EAP challenge message from the AP that includes a first random value, generate a second random value and an authentication value, the authentication value based on the cryptographic key, the first random value, and the second random value, and transmit an EAP challenge response message to the AP that includes the authentication value and the second random value.

Another feature provides a device for secure wireless communication comprising means for obtaining a cryptographic key from a wireless wide area network (WWAN) security context, means for utilizing the cryptographic key as a pairwise master key (PMK) for a security association with an access point (AP) of a wireless local area network (WLAN), means for generating a PMK identifier (PMKID) based on the PMK, a device identifier identifying the device, and an access point identifier identifying the access point, means for transmitting an association request including the PMKID to the access point, and means for initiating a key exchange with the access point based on the PMK to establish a WLAN security association with the access point. According to one aspect, the device further comprises means for receiving an association response from the AP indicating that a PMK security association (PMKSA) associated with the PMKID could not be found, means for receiving an EAP identity request from the AP, means for transmitting an EAP identity response in response to the EAP identity request, the EAP identity response including a device-generated first identifier based on the cryptographic key and the device identifier, means for receiving an EAP challenge message from the AP that includes a first random value, means for generating a second random value and an authentication value, the authentication value based on the cryptographic key, the first random value, and the second random value, and means for transmitting an EAP challenge response message to the AP that includes the authentication value and the second random value.

Another feature provides a non-transitory computer-readable storage medium having instructions for secure wireless communication by a device stored thereon, the instructions, which when executed by at least one processor, cause the processor to obtain a cryptographic key from a wireless wide area network (WWAN) security context, utilize the cryptographic key as a pairwise master key (PMK) for a security association with an access point (AP) of a wireless local area network (WLAN), generate a PMK identifier (PMKID) based on the PMK, a device identifier identifying the device, and an access point identifier identifying the access point, transmit an association request including the PMKID to the access point, and initiate a key exchange with the access point based on the PMK to establish a WLAN security association with the access point. According to one aspect, the instructions when executed by the processor further cause the processor to receive an association response from the AP indicating that a PMK security association (PMKSA) associated with the PMKID could not be found, receive an EAP identity request from the AP, transmit an EAP identity response in response to the EAP identity request, the EAP identity response including a device-generated first identifier based on the cryptographic key and the device identifier, receive an EAP challenge message from the AP that includes a first random value, generate a second random value and an authentication value, the authentication value based on the cryptographic key, the first random value, and the second random value, and transmit an EAP challenge response message to the AP that includes the authentication value and the second random value.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 illustrates a schematic block diagram of an exemplary non-collocated deployment of a communication system utilizing LWA that features the WWAN-WLAN aggregation security features and methods described herein.

FIG. 2 illustrates a schematic block diagram of an exemplary WLAN.

FIG. 3 illustrates a conceptual protocol stack of the LWA capable communication system.

FIG. 4 illustrates a process flow diagram of a WLAN security association involving the UE/STA, WLAN, and eNB.

FIGS. 5A and 5B illustrate a first exemplary process flow diagram of a WLAN security association involving the UE/STA, WLAN, and eNB.

FIGS. 6A and 6B illustrate a second exemplary process flow diagram of a WLAN security association involving the UE/STA, WLAN, and eNB.

FIGS. 7A, 7B, and 7C illustrate a third exemplary process flow diagram of a WLAN security association involving the UE/STA, WLAN, and eNB.

FIG. 8 illustrates a first exemplary method flow diagram for secure wireless communications by a network apparatus.

FIGS. 9A and 9B illustrate a second exemplary method flow diagram for secure wireless communications by a network apparatus such as a WLAN termination point.

FIGS. 10A and 10B illustrate a third exemplary method flow diagram for secure wireless communications by a network apparatus such as an access point.

FIG. 11 illustrates a schematic block diagram of a wireless network apparatus.

FIG. 12 illustrates a first exemplary method flow diagram for secure wireless communications by a device (e.g., UE/STA).

FIGS. 13A and 13B illustrate a second exemplary method flow diagram for secure wireless communications by a device (e.g., UE/STA).

FIG. 14 illustrates a schematic block diagram of a device (UE/STA).

DETAILED DESCRIPTION

In the following description, specific details are given to provide a thorough understanding of the various aspects of the disclosure. However, it will be understood by one of ordinary skill in the art that the aspects may be practiced without these specific details. For example, circuits may be shown in block diagrams in order to avoid obscuring the aspects in unnecessary detail. In other instances, well-known circuits, structures and techniques may not be shown in detail in order not to obscure the aspects of the disclosure.

The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any implementation or aspect described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other aspects of the disclosure. Likewise, an aspect is an implementation or example. Reference in the specification to “an aspect,” “one aspect,” “some aspects,” “various aspects,” or “other aspects” means that a particular feature, structure, or characteristic described in connection with the aspects is included in at least some aspects, but not necessarily all aspects, of the present techniques. The various appearances of “an aspect,” “one aspect,” or “some aspects” are not necessarily all referring to the same aspects. Elements or aspects from an aspect can be combined with elements or aspects of another aspect.

In the following description and claims, the term “coupled” may mean that two or more elements are in direct physical or electrical contact. However, “coupled” may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other.

Not all components, features, structures, characteristics, etc. described and illustrated herein need be included in a particular aspect or aspects. If the specification states a component, feature, structure, or characteristic “may”, “might”, “can” or “could” be included, for example, that particular component, feature, structure, or characteristic is not required to be included. If the specification or claim refers to “a” or “an” element, that does not mean there is only one of the element. If the specification or claims refer to “an additional” element, that does not preclude there being more than one of the additional element.

It is to be noted that, although some aspects have been described in reference to particular implementations, other implementations are possible according to some aspects. Additionally, the arrangement and/or order of circuit elements or other features illustrated in the drawings and/or described herein need not be arranged in the particular way illustrated and described. Many other arrangements are possible according to some aspects.

In each figure, the elements in some cases may each have a same reference number or a different reference number to suggest that the elements represented could be different and/or similar. However, an element may be flexible enough to have different implementations and work with some or all of the systems shown or described herein. The various elements shown in the figures may be the same or different. Which one is referred to as a first element and which is called a second element is arbitrary.

FIG. 1 illustrates a schematic block diagram of an exemplary non-collocated deployment of a communication system 100 utilizing LWA that features the WWAN-WLAN aggregation security features and methods described herein according to one aspect. The system 100 includes a user equipment (UE) 102, a WLAN 104, and an eNode B (eNB) 106 coupled to a cellular core network 108. The UE 102 includes station capability in that it may allow the UE 102 to perform operations as those performed by a conventional station (STA) in a WLAN. Consequently, in the following discussion this functionality may be referred to as a “STA within a UE” and the terms “STA” and “UE” may be used to refer to the same device.

As shown in FIG. 1, the UE 102 may be connected to an eNB 106 of the WWAN and transmit and receive data from it along the WWAN data path. Moreover, the UE 102 may be connected to one or more access points (APs) (not shown in FIG. 1) of the WLAN 104 and transmit and receive data from it along the WLAN data path.

The eNB 106 is the anchor node for both data and control planes and controls packet scheduling for both the WWAN and WLAN links. The eNB 106 communicates with the WLAN termination point (WTP) 110 of the WLAN 104 through the Xw communication interface (e.g., Xw-C control and Xw-U user). The eNB 106 also connects to the core network (CN) via regular S1 interfaces (S1-C and S1-U) to transmit and receive control and user data.

FIG. 2 illustrates a schematic block diagram of an exemplary WLAN 104 according to one aspect. As described above, the STA 102 communicates with one or more APs 202, 202 a, 202 b associated with the WLAN 104, and the eNB 106 communicates with a WTP 110 of the WLAN 104. In the non-limiting example shown, the WLAN 104 includes a plurality of APs 202, 202 a, 202 b that may be communicatively coupled to a WLAN controller (WLC) 204, which in turn is communicatively coupled to the WTP 110. The example shown in FIG. 2 is merely exemplary. In other aspects, the WLAN 104 may comprise a single AP 202 that is either communicatively coupled to a WTP 110 or is itself both an access point and a WLAN termination point. Moreover, the APs 202, 202 a, 202 b shown in FIG. 2 and discussed herein may be either LWA aware APs (e.g., APs capable of pairwise master key (PMK) caching) or 802.1x APs (e.g., “legacy APs”) as specified below. For simplicity and as referenced below, one AP 202 a may be considered an LWA aware AP capable of PMK caching and another AP 202 b may be considered a legacy AP.

FIG. 3 illustrates a conceptual protocol stack of the LWA capable communication system according to one aspect. As shown in FIG. 3, the LTE Radio Resource Control channel (RRC channel) 302 and the LTE Non-Access Stratum (NAS) control channel 304 are maintained between the UE 102 and the eNB 106 (e.g., MeNB) and MME 306. WWAN (e.g., LTE) user data 308 from the UE 102 and WLAN user data 310 are aggregated at the packet data convergence protocol (PDCP) layer.

Referring to FIGS. 1-3, an initial WLAN association may use a key S-K_(WT) (hereinafter also referred to as the “cryptographic key”) generated from a current WWAN security context (e.g., LTE security context). In one aspect, the key S-K_(WT) may be a 256 bit key that is derived from the eNB key of the LTE security context. The STA 102 may obtain the key S-K_(WT) from the WWAN stack (e.g., LTE stack) of the UE 102. The eNB 106 may provide the key S-K_(WT) to the WLAN's WTP 110 via the Xw communication interface. The key S-K_(WT) may then be used as the pairwise master key (PMK) by the UE/STA 102 and the WLAN 104 as part of a 4-way key exchange handshake to establish a secure connection between the UE/STA 102 and the WLAN 104.

FIG. 4 illustrates a process flow diagram of a WLAN security association involving the UE/STA 102, WLAN 104, and eNB 106 according to one aspect of the disclosure. In the illustrated example, the WLAN's AP 202 a is an LWA aware access point in that it is capable of receiving a key (e.g., S-K_(WT)) from an out of band source and using it as the pairwise master key (PMK) for the security association. This is different from traditional APs and STAs where the PMK and the associated PMK security association (PMKSA) are created as a result of successful EAP authentication. That is, the PMK and PMKSA may be created without needing to perform an 802.1x specific authentication procedure. In one aspect, the AP 202 a and WTP 110 shown in FIG. 4 may be one single device that includes the functions of both the access point and the wireless termination point.

Furthermore, the eNB 106 may select a candidate WLAN service set for data radio bearer offload based on WLAN measurements received from the UE 102. Upon receiving a command from the eNB 106 to offload one or more data radio bearers (e.g., LTE data radio bearers), the UE 102 may select one of the APs from the WLAN service set received from the eNB 106. The selection may be based on the received signal strength indicator (RSSI) of the AP 202 a or some other UE implementation specific criteria. The UE 102 may also obtain the AP's MAC address for initializing the PMKSA either from a message broadcast by the AP 202 a or by sending a probe request.

Referring to FIG. 4, the eNB 106 may transmit 402 a WTP addition request message to the WLAN's termination point 110. The WTP addition request message may include a UE identifier (e.g., the UE MAC address) and the key S-K_(WT). Next, the WTP 110 responds 404 with a WTP addition acknowledgment message that acknowledges successful receipt of the WTP addition request message. The key S-K_(WT) may then be used by the AP 202 a as the PMK for the WLAN security association. The AP 202 a generates 406 the PMK identifier (PMKID) based on the PMK according to, for example, PMKID=Truncate-128(HMAC-SHA-256(PMK, STRING_0 | AA | SPA)) where “AA” is the AP MAC address, “SPA” is the UE MAC address, and “STRING_0” is an arbitrary input string. The AP 202 a also populates (e.g., initializes) the PMK security association (PMKSA) by associating the stored PMK with the AP's MAC address, the lifetime of the PMK, the adaptive key management protocol (AKMP), the PMKID, and/or other authorization information (e.g., SSID).

Upon receiving a connection reconfiguration command (e.g., an RRC_Connection_Reconfiguration command) from the eNB 106, the UE 102 obtains 408 the PMK (e.g., UE obtains S-K_(WT) and PMK:=S-K_(WT)) from the WWAN stack (e.g., LTE stack) and derives 410 the PMKID and PMKSA based on the PMK. The connection reconfiguration command may include WLAN identification information with one or more of the BSSID/HESSID/ESSID from the eNB 106 to offload certain data radio bearers to the identified WLAN. These actions 408, 410 at the UE 102 may be performed independently of the actions 402, 404, 406 taking place at the WLAN 104 and eNB 106.

Subsequently, the UE 102 may transmit an association request 412 to the AP 202 a that includes the PMKID. The AP 202 a uses the PMKID to find 413 the PMKSA and PMK associated with the UE 102 and sends back 414 an association response. After that the UE 102 and the AP 202 a may engage 416 in a 4-way key exchange handshake using the PMK. After successful association a UE associated message may be transmitted 418 to the WTP 110, which in turn transmits 420 a WTP associated message to the eNB 106. The UE associated message and the corresponding WTP associated message allow the eNB 106 to know that the UE 102 has successfully connected to the WLAN 104 and that it may now begin offloading traffic (e.g., data radio bearers (DRBs)) onto the WLAN 104. The AP 202 a and UE 102 may also begin transmitting and receiving 422 secured communications based on 802.1x.
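The FIG. 4 path (LWA aware AP, steps 402-413) as an added Python illustration, not code from the patent or from any vendor: both the AP and the UE derive the PMKID from S-K_(WT) with Truncate-128(HMAC-SHA-256(PMK, STRING_0 | AA | SPA)), the AP populates its PMKSA cache, and the association request is matched by PMKID. The STRING_0 value, the PMK lifetime, the AKMP label and all MAC addresses and keys are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

# Assumed value for the patent's "arbitrary input string" STRING_0.
STRING_0 = b"PMK Name"
# Assumed PMK lifetime recorded in the PMKSA (seconds).
PMK_LIFETIME_S = 3600


def mac_bytes(mac: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' into its 6 raw octets (the MACs enter the HMAC raw)."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError("MAC address must have 6 octets")
    return bytes(int(o, 16) for o in octets)


def derive_pmkid(pmk: bytes, aa: str, spa: str) -> bytes:
    """PMKID = Truncate-128(HMAC-SHA-256(PMK, STRING_0 | AA | SPA)).

    AA is the authenticator (AP) MAC address, SPA the supplicant (UE/STA) MAC
    address.  Both ends compute the same 16-byte value from their own copy of
    S-K_WT, so the PMKID never has to be sent from the network to the UE.
    """
    if len(pmk) != 32:
        raise ValueError("S-K_WT / PMK is expected to be a 256-bit key")
    msg = STRING_0 + mac_bytes(aa) + mac_bytes(spa)
    return hmac.new(pmk, msg, hashlib.sha256).digest()[:16]  # Truncate-128


@dataclass
class PMKSA:
    """The PMK security association the AP populates in step 406."""
    pmk: bytes
    pmkid: bytes
    ap_mac: str      # AA
    sta_mac: str     # SPA
    lifetime_s: int
    akmp: str        # assumed label for the key management protocol


@dataclass
class LwaAwareAP:
    """Access point that accepts S-K_WT out of band (via the WTP) as its PMK."""
    mac: str
    cache: Dict[bytes, PMKSA] = field(default_factory=dict)  # PMKID -> PMKSA

    def on_wtp_addition(self, ue_mac: str, s_k_wt: bytes) -> bytes:
        """Steps 402-406: PMK := S-K_WT, derive the PMKID, initialise the PMKSA."""
        pmk = s_k_wt
        pmkid = derive_pmkid(pmk, self.mac, ue_mac)
        self.cache[pmkid] = PMKSA(pmk, pmkid, self.mac, ue_mac, PMK_LIFETIME_S, "LWA")
        return pmkid

    def on_association_request(self, sta_mac: str, pmkid: bytes) -> Optional[PMKSA]:
        """Step 413: look up the PMKSA by PMKID and check it belongs to this STA.

        None means no PMKSA matches, which is where a legacy AP would fall
        back to the EAP identity request of FIGS. 5A-7C.
        """
        sa = self.cache.get(pmkid)
        if sa is None or sa.sta_mac != sta_mac:
            return None
        return sa


def ue_derive_pmkid(s_k_wt: bytes, ap_mac: str, ue_mac: str) -> bytes:
    """Steps 408-410 at the UE: PMK := S-K_WT from the WWAN stack, then the PMKID."""
    return derive_pmkid(s_k_wt, ap_mac, ue_mac)


def demo() -> bool:
    """End-to-end check with constructed sample values; True if UE and AP agree."""
    s_k_wt = bytes(range(32))                                  # constructed S-K_WT
    ap_mac, ue_mac = "02:00:00:00:00:aa", "02:00:00:00:00:01"  # constructed MACs
    ap = LwaAwareAP(ap_mac)
    ap.on_wtp_addition(ue_mac, s_k_wt)                         # steps 402-406
    pmkid = ue_derive_pmkid(s_k_wt, ap_mac, ue_mac)            # steps 408-410
    return ap.on_association_request(ue_mac, pmkid) is not None  # steps 412-413


if __name__ == "__main__":
    print("PMKSA found:", demo())
```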

FIGS. 5A and 5B illustrate a process flow diagram of a WLAN security association involving the UE/STA 102, WLAN 104, and eNB 106 according to another aspect of the disclosure. In the illustrated example, the AP 202 b is a legacy access point (i.e., 802.1x access point) that does not support PMKSA creation from a PMK received out of band. First, the eNB 106 transmits 502 a WTP addition request message to the WLAN termination point 110 of the WLAN 104. The WTP addition request message may include the UE MAC address and the key S-K_(WT). Next, the WTP 110 responds 504 with a WTP addition acknowledgment message that acknowledges successful receipt of the WTP addition request message. The key S-K_(WT) and the UE MAC address may then be used 506 by the WTP 110 to generate a first identifier LWA-ID (e.g., “network-generated first identifier”). According to just one example, LWA-ID may be a function of the key S-K_(WT) and the UE MAC address. For instance, LWA-ID=KDF(S-K_(WT), UE MAC address, STRING_0) where KDF is a key derivation function (e.g., a one way function such as SHA256, etc.) and STRING_0 may be an arbitrary input string value.

Upon receiving an RRCConnectionReconfiguration command from the eNB 106, the UE 102 obtains 508 the PMK (e.g., UE obtains S-K_(WT) and PMK:=S-K_(WT)) from the WWAN stack (e.g., LTE stack) and derives the PMKID based on the PMK. This action 508 at the UE 102 may be performed independently of the actions 502, 504, 506 taking place at the WLAN 104 and eNB 106. Subsequently, the UE 102 may transmit an association request 510 to the AP 202 b that includes the PMKID. Since the AP 202 b is a legacy access point it does not have the associated PMKSA of the UE 102. Therefore the AP 202 b determines 512 that no PMKSA is found and returns 514 a corresponding response (e.g., no PMKSA found) to the UE 102.

Not finding the PMKSA also prompts the AP 202 b to start an Extensible Authentication Protocol (EAP) exchange with the UE 102 by sending 516 an EAP identity request message to the UE 102. The UE 102 then generates 518 LWA-ID (e.g., “user equipment-generated first identifier”), which according to just one example may be equal to KDF(S-K_(WT), UE MAC address, STRING_0). The UE 102 sends 520 the generated LWA-ID in an EAP identity response with LWA-ID@realm (e.g., “first value”) as the EAP peer identity to the AP 202 b. In another aspect, the LWA-ID may be generated by the UE 102 before receipt of the EAP identity request message (e.g., when the PMKID is generated 508).

Here, “realm” signifies the serving network identity of the eNB 106. It may identify the eNB 106 (e.g., Physical cell ID of the eNB 106) and/or the public land mobile network (PLMN) identity associated with the eNB 106. In other words, “realm” identifies the WTP 110 that the UE 102 wants the AP 202 b to route the authentication request to. For example, the realm value may be defined as realm=lwa.wtid<WTID>.mnc<MNC>.mcc<MCC>0.3gppnetwork.org, where the mobile network code (MNC) and the mobile country code (MCC) may be obtained from the serving network PLMN identity of the eNB/MME. WTID is an identifier identifying the eNB 106 (e.g., E-UTRAN cell identity (ECI) of the eNB). The WWAN stack (e.g., LTE stack) provides the UE 102 with the WTID, MNC, and MCC. It should be appreciated that using “realm” enables a WLAN network with different WTPs to serve multiple serving networks. For example, a WLAN network may support traffic offload by different eNBs belonging to different PLMN operators or different eNBs belonging to the same PLMN operator.

The EAP identity response message with identity LWA-ID@realm is then forwarded 522 by the AP 202 b to the WTP 110 identified by the “realm” part of the identity under an authentication, authorization, and accounting (AAA) scheme. The WTP 110 takes the role of an EAP Authentication Server (AS) and may use the received value LWA-ID to find 524 the key S-K_(WT) associated with the UE 102. If found, the WTP 110 generates 525 a master session key (MSK) and then transmits 526 an EAP success message along with the MSK to the AP 202 b. If, on the other hand, the received LWA-ID is not associated with a stored LWA-ID, then an EAP failure message may instead be transmitted.

According to one aspect, the WTP 110 may generate the MSK by concatenating the S-K_(WT) with itself (i.e., MSK=S-K_(WT) | S-K_(WT)) and then send the MSK along with the EAP success message to the AP 202 b. Since the AP 202 b now has the MSK it may generate 527 the PMK (e.g., PMK:=the first half of bits of MSK) and transmit 528 an EAP success message to the UE 102, thus successfully authenticating the UE 102. After that the UE 102 and the AP 202 b may engage 530 in a 4-way key exchange handshake using the PMK. After successful association a UE associated message may be transmitted 532 to the WTP 110, which in turn transmits 534 a WTP associated message to the eNB 106. The AP 202 b and UE 102 may also begin transmitting and receiving 536 secured communications based on 802.1x.

FIGS. 6A and 6B illustrate a process flow diagram of a WLAN security association involving the UE/STA 102, WLAN 104, and eNB 106 according to another aspect of the disclosure. In the illustrated example, the AP 202 b is a legacy access point (i.e., 802.1x access point) that does not support PMKSA creation from a PMK received out of band. First, the eNB 106 transmits 602 a WTP addition request message to the WLAN termination point 110 of the WLAN 104. The WTP addition request message may include the UE MAC address and the key S-K_(WT). Next, the WTP 110 responds 604 with a WTP addition acknowledgment message that acknowledges successful receipt of the WTP addition request message. The key S-K_(WT) and the UE MAC address may then be used 606 by the WTP 110 to generate the value LWA-ID (e.g., “network-generated first identifier”). According to just one example, LWA-ID may be a function of the key S-K_(WT) and the UE MAC address. For instance, LWA-ID=KDF(S-K_(WT), UE MAC address, STRING_0) where KDF is a key derivation function (e.g., a one way function such as SHA256, etc.) and STRING_0 may be an arbitrary input string value.

Upon receiving an RRCConnectionReconfiguration command, the UE 102 obtains 608 the PMK (e.g., UE obtains S-K_(WT) and PMK:=S-K_(WT)) from the WWAN stack and derives the PMKID itself based on the PMK. This action 608 at the UE 102 may be performed independently of the actions 602, 604, 606 taking place at the WLAN 104 and eNB 106. Subsequently, the UE 102 may transmit an association request 610 to the AP 202 b that includes the PMKID. Since the AP 202 b is a legacy access point it does not have the associated PMKSA of the UE 102. Therefore it determines 612 that no PMKSA is found and returns 614 a corresponding response (e.g., no PMKSA found) to the UE 102.

Not finding the PMKSA also prompts the AP 202 b to start the Extensible Authentication Protocol (EAP) with the UE 102 by sending 616 an EAP identity request message. The UE 102 then generates 618 the value LWA-ID (e.g., “user equipment-generated first identifier”), which according to just one example may be equal to KDF(S-K_(WT), UE MAC address, STRING_0), and sends 620 an EAP identity response LWA-ID@realm to the AP 202 b. In another aspect, the LWA-ID may be generated by the UE 102 before receipt of the EAP identity request message (e.g., when the PMKID is generated).

As discussed above, “realm” signifies the serving network identity of the eNB 106 and may either identify the eNB 106 or the PLMN identity associated with the eNB 106. Using “realm” enables a WLAN network to serve multiple serving networks, such as a WLAN network supporting traffic offload by different eNBs belonging to different PLMN operators or different eNBs belonging to the same PLMN operator.

The EAP identity response message LWA-ID@realm is then forwarded 622 to the WTP 110 under an AAA scheme. The WTP 110 next determines whether it has an LWA-ID stored that matches the one received from the AP 202 b. If it does, it initiates 624 an LWA-specific EAP authentication protocol (hereinafter referred to as the “EAP-LWA” authentication protocol); otherwise it returns an EAP failure notification to the AP 202 b and UE 102. The benefit of initiating an LWA-specific EAP authentication protocol, such as EAP-LWA, is to maintain compliance with the existing EAP state machine, where an EAP peer (i.e., UE 102) may expect receipt of an EAP authentication method specific message exchange before EAP success may be accepted by the peer. According to one aspect, once the EAP-LWA is initiated the WTP 110 transmits 626 an EAP-LWA Request ( ) message to the AP 202 b, which in turn forwards 628 it to the UE 102. The UE 102 responds 630 with an EAP-LWA Response ( ) message to AP 202 b, which in turn forwards 632 it back to the WTP 110.

At this point the WTP 110 derives 634 the MSK from the S-K_(WT) by, for example, concatenating the S-K_(WT) with itself (i.e., MSK=S-K_(WT) | S-K_(WT)). The WTP 110 then sends 636 an EAP-LWA success message along with the MSK to the AP 202 b. (These messages 626, 628, 630, 632, 636 may be exchanged under an AAA scheme with the WTP 110 acting as an authentication server.) Since the AP 202 b now has the MSK it may generate 637 the PMK (e.g., PMK:=the first half of bits of MSK) and transmit 638 an EAP success message to the UE 102. After that the UE 102 and the AP 202 b may engage 640 in a 4-way key exchange handshake using the PMK. After successful association a UE associated message may be transmitted 642 to the WTP 110, which in turn transmits 644 a WTP associated message to the eNB 106. The AP 202 b and UE 102 may also begin transmitting and receiving 646 secured communications based on 802.1x.

FIGS. 7A, 7B, and 7C illustrate a process flow diagram of a WLAN security association involving the UE/STA 102, WLAN 104, and eNB 106 according to yet another aspect of the disclosure. In the illustrated example, the AP 202 b is a legacy access point (i.e., 802.1x access point) that does not support PMKSA creation from a PMK received out of band. First, the eNB 106 transmits 702 a WTP addition request message to the WLAN termination point 110 of the WLAN 104. The WTP addition request message may include the UE MAC address and the key S-K_(WT). Next, the WTP 110 responds 704 with a WTP addition acknowledgment message that acknowledges successful receipt of the WTP addition request message. The key S-K_(WT) and the UE MAC address may then be used 706 by the WTP 110 to generate the value LWA-ID (e.g., “network-generated first identifier”). According to just one example, LWA-ID may be a function of the key S-K_(WT) and the UE MAC address. For instance, LWA-ID=KDF(S-K_(WT), UE MAC address, STRING_0) where KDF is a key derivation function (e.g., a one way function such as SHA256, etc.) and STRING_0 is an arbitrary input string value. The WTP 110 also associates the value LWA-ID with the cryptographic key S-K_(WT) received.

Upon receiving an RRCConnectionReconfiguration command, the UE 102 obtains 708 the PMK (e.g., UE obtains S-K_(WT) and PMK:=S-K_(WT)) from the WWAN stack and derives the PMKID itself based on the PMK. This action 708 at the UE 102 may be performed independently of the actions 702, 704, 706 taking place at the WLAN 104 and eNB 106. Subsequently, the UE 102 may transmit an association request 710 to the AP 202 b that includes the PMKID. Since the AP 202 b is a legacy access point it does not have the PMKSA associated with the PMKID or the UE 102. Therefore it determines 712 that no PMKSA is found associated with the PMKID received and returns 714 a corresponding response (e.g., no PMKSA found) to the UE 102 that omits the PMKID.

Not finding the PMKSA also prompts the AP 202 b to start the Extensible Authentication Protocol (EAP) with the UE 102 by sending 716 an EAP identity request message. The UE 102 then generates 718 the value LWA-ID (e.g., “user equipment-generated first identifier”), which according to just one example may be equal to KDF(S-K_(WT), UE MAC address, STRING_0), and sends 720 an EAP identity response LWA-ID@realm to the AP 202 b. In another aspect, the LWA-ID may be generated by the UE 102 before receipt of the EAP identity request message (e.g., when the PMKID is generated).

As discussed above, “realm” signifies the serving network identity of the eNB 106 and may either identify the eNB 106 or the PLMN identity associated with the eNB 106. Using “realm” enables a WLAN network to serve multiple serving networks, such as a WLAN network supporting traffic offload by different eNBs belonging to different PLMN operators or different eNBs belonging to the same PLMN operator.

The EAP identity response message LWA-ID@realm is then forwarded 722 to the WTP 110 under an AAA scheme. The WTP 110 next determines whether it has an LWA-ID stored that matches the one received from the AP 202 b. If it does, it initiates 724 an EAP-LWA authentication protocol; otherwise it returns an EAP failure notification to the AP 202 b and UE 102. The benefit of initiating an LWA-specific EAP authentication protocol, such as EAP-LWA, is to maintain compliance with the existing EAP state machine, where an EAP peer (i.e., UE 102) may expect receipt of an EAP authentication method specific message exchange before EAP success may be accepted by the peer. According to one aspect, once the EAP-LWA is initiated the WTP 110 transmits 726 an EAP-LWA Request (AS_nonce) message that includes the random value AS_nonce (number used once) to the AP 202 b, which in turn forwards 728 it to the UE 102. The UE 102 then generates its own random value UE_nonce and derives 730 the value AUTHRES=KDF(S-K_(WT), AS_nonce, UE_nonce, STRING_1), where KDF is a key derivation function and STRING_1 may be an arbitrary input string. The UE 102 then responds 732 with an EAP-LWA Response (AUTHRES, UE_nonce) message that includes AUTHRES and UE_nonce to AP 202 b, which in turn forwards 734 it to the WTP 110.

The WTP 110 then generates its own AUTHRES value using the same KDF, STRING_1, the received UE_nonce, and its own locally stored AS_nonce and S-K_(WT). By determining that the AUTHRES value the WTP 110 generated matches the AUTHRES value it received from the AP/UE, the EAP-LWA response is verified 736 and the UE/STA 102 is authenticated. These messages 726, 728, 730, 732, 736 may be exchanged under an AAA scheme with the WTP 110 acting as an authentication server.

At this point the WTP 110 derives 738 the MSK from the S-K_(WT) by, for example, concatenating the S-K_(WT) with itself (i.e., MSK=S-K_(WT) | S-K_(WT)). The WTP 110 then sends 740 an EAP-LWA success message along with the MSK to the AP 202 b. Since the AP 202 b now has the MSK it may generate 742 the PMK (e.g., PMK:=the first half of bits of MSK) and transmit 744 an EAP success message to the UE 102. After that the UE 102 and the AP 202 b may engage 746 in a 4-way key exchange handshake using the PMK. After successful association a UE associated message may be transmitted 748 to the WTP 110, which in turn transmits 750 a WTP associated message to the eNB 106. The AP 202 b and UE 102 may also begin transmitting and receiving 752 secured communications based on 802.1x. In another aspect, the MSK may be derived using a KDF, such as MSK=KDF(S-K_(WT), AS_nonce, UE_nonce, STRING_2) instead of MSK=PMK | PMK, where STRING_2 is an arbitrary input string.
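The legacy-AP path of FIGS. 5A-7C as an added Python illustration, not code from the patent or from any vendor: the WTP stores S-K_(WT) under the network-generated LWA-ID (706), the UE derives the same LWA-ID and presents LWA-ID@realm (718-720), the WTP runs the EAP-LWA challenge with AS_nonce, UE_nonce and AUTHRES (726-736), and on success derives MSK=S-K_(WT) | S-K_(WT) from which the AP takes the first half as PMK (738-742). The KDF is modelled as HMAC-SHA-256 over length-prefixed inputs, the STRING_0/STRING_1 labels, the hex encoding of LWA-ID, the realm and all keys and MAC addresses are constructed assumptions, and the AP is treated as a pass-through.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Assumed values for the patent's arbitrary input strings.
STRING_0 = b"LWA-ID"        # LWA-ID derivation (steps 706 / 718)
STRING_1 = b"EAP-LWA AUTH"  # AUTHRES derivation (step 730)


def kdf(key: bytes, *inputs: bytes) -> bytes:
    """Modelled KDF (assumption): HMAC-SHA-256 over length-prefixed inputs."""
    msg = b"".join(len(x).to_bytes(2, "big") + x for x in inputs)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_lwa_id(s_k_wt: bytes, ue_mac: bytes) -> bytes:
    """LWA-ID = KDF(S-K_WT, UE MAC address, STRING_0), computed at WTP and UE alike."""
    return kdf(s_k_wt, ue_mac, STRING_0)


def pmk_from_msk(msk: bytes) -> bytes:
    """Step 742 at the AP: PMK := first half of the MSK bits."""
    return msk[: len(msk) // 2]


class WTP:
    """WLAN termination point acting as the EAP authentication server."""

    def __init__(self) -> None:
        self.by_lwa_id: Dict[bytes, bytes] = {}  # LWA-ID -> S-K_WT (step 706)
        self.pending: Dict[bytes, bytes] = {}    # LWA-ID -> outstanding AS_nonce

    def on_wtp_addition_request(self, ue_mac: bytes, s_k_wt: bytes) -> None:
        """Steps 702-706: store S-K_WT under the network-generated LWA-ID."""
        self.by_lwa_id[derive_lwa_id(s_k_wt, ue_mac)] = s_k_wt

    def on_eap_identity(self, identity: str, my_realm: str) -> Optional[bytes]:
        """Steps 722-726: on a known LWA-ID@realm issue EAP-LWA Request(AS_nonce).

        None means EAP failure (unknown LWA-ID) or an identity for another WTP.
        """
        lwa_id_hex, sep, realm = identity.rpartition("@")
        if not sep or realm != my_realm:
            return None
        try:
            lwa_id = bytes.fromhex(lwa_id_hex)
        except ValueError:
            return None
        if lwa_id not in self.by_lwa_id:
            return None
        as_nonce = os.urandom(32)
        self.pending[lwa_id] = as_nonce
        return as_nonce

    def on_eap_lwa_response(self, lwa_id: bytes, authres: bytes,
                            ue_nonce: bytes) -> Optional[bytes]:
        """Steps 734-740: recompute AUTHRES; on match return MSK = S-K_WT | S-K_WT.

        Session correlated by LWA-ID (assumption); the pending AS_nonce is
        consumed, so a replayed or retried response cannot verify.
        """
        as_nonce = self.pending.pop(lwa_id, None)
        s_k_wt = self.by_lwa_id.get(lwa_id)
        if as_nonce is None or s_k_wt is None:
            return None
        expected = kdf(s_k_wt, as_nonce, ue_nonce, STRING_1)
        if not hmac.compare_digest(expected, authres):
            return None  # EAP failure
        return s_k_wt + s_k_wt


class UE:
    """UE/STA side: holds S-K_WT from its WWAN stack and the realm of its eNB."""

    def __init__(self, mac: bytes, s_k_wt: bytes, realm: str) -> None:
        self.mac, self.s_k_wt, self.realm = mac, s_k_wt, realm
        self.lwa_id = derive_lwa_id(s_k_wt, mac)  # step 718

    def eap_identity(self) -> str:
        """Step 720: EAP peer identity LWA-ID@realm (LWA-ID hex-encoded; assumption)."""
        return f"{self.lwa_id.hex()}@{self.realm}"

    def eap_lwa_response(self, as_nonce: bytes) -> Tuple[bytes, bytes]:
        """Step 730: AUTHRES = KDF(S-K_WT, AS_nonce, UE_nonce, STRING_1)."""
        ue_nonce = os.urandom(32)
        return kdf(self.s_k_wt, as_nonce, ue_nonce, STRING_1), ue_nonce


def run_exchange(wtp: WTP, ue: UE, realm: str) -> Optional[Tuple[bytes, bytes]]:
    """Drive the flow (AP modelled as a pass-through); (AP PMK, UE PMK) or None."""
    as_nonce = wtp.on_eap_identity(ue.eap_identity(), realm)
    if as_nonce is None:
        return None
    authres, ue_nonce = ue.eap_lwa_response(as_nonce)
    msk = wtp.on_eap_lwa_response(ue.lwa_id, authres, ue_nonce)
    if msk is None:
        return None
    return pmk_from_msk(msk), ue.s_k_wt  # UE uses S-K_WT directly as PMK (708)
```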

FIG. 8 illustrates a method flow diagram for secure wireless communications by a network and/or network apparatus (e.g., WLAN, AP, and/or WTP). First, a user equipment identifier identifying a user equipment and a cryptographic key (e.g., S-K_(WT)) are received 802 from a wireless wide area network (WWAN) node. Next, the cryptographic key is used 804 as a pairwise master key (PMK). Then, a PMK identifier (PMKID) is generated 806 based on the PMK. Next, the PMK and the PMKID are stored 808 at the apparatus. Then, a PMK security association (PMKSA) is initialized 810 by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. Next, an association request is received 812 from the user equipment that includes a PMKID. Then, it is determined 814 that the PMKID received from the user equipment matches the PMKID stored at the apparatus. Next, a key exchange is initiated 816 with the user equipment based on the PMK to establish a WLAN security association with the user equipment.

FIGS. 9A and 9B illustrate a method flow diagram for secure wireless communications by a network apparatus (e.g., WTP). First, a wireless local area network (WLAN) termination point addition request is received 902 from a wireless wide area network (WWAN) node, the WLAN termination point addition request including a cryptographic key (e.g., S-K_(WT)) and a user equipment identifier (e.g., UE MAC address) identifying a user equipment. Next, a network-generated first identifier (e.g., LWA-ID) is generated 904 based on the user equipment identifier and the cryptographic key received from the WWAN node. Then, the network-generated first identifier is stored 906 at the apparatus and associated with the cryptographic key. Next, an extensible authentication protocol (EAP) identity response is received 908 from an access point associated with the network, the EAP identity response including a user equipment-generated first identifier (e.g., LWA-ID as part of LWA-ID@realm). Then, it is determined 910 that the user equipment-generated first identifier corresponds to the stored network-generated first identifier. Next, an EAP challenge message is transmitted 912 to the access point, the EAP challenge message destined for the user equipment and including a first random value (e.g., AS_nonce). Then, an EAP challenge response message is received 914 from the access point, the EAP challenge response message originating at the user equipment and including a second random value (e.g., STA_nonce) and an authentication value (e.g., AUTHRES). Next, the EAP challenge response message is verified 916 using the authentication value, the first random value, and the second random value. Then, a master session key (MSK) is generated 918 after verifying the EAP challenge response message. Next, an EAP success message and the MSK are transmitted 920 to the access point.

FIGS. 10A and 10B illustrate a method flow diagram for secure wireless communications by a network apparatus (e.g., access point). First, an association request is received 1002 from a user equipment that includes a pairwise master key identifier (PMKID). Next, it is determined 1004 that no corresponding pairwise master key security association (PMKSA) associated with the PMKID is stored at the network. Then, an extensible authentication protocol (EAP) identity request is transmitted 1006 to the user equipment. Next, an EAP identity response is received 1008 that includes a user equipment-generated first identifier (e.g., LWA-ID as part of LWA-ID@realm) from the user equipment. Then, the user equipment-generated first identifier is transmitted 1010 to a wireless local area network (WLAN) termination point associated with the network. Next, an EAP challenge message is received 1012 from the WLAN termination point that includes a first random value (e.g., AS_nonce). Then, the EAP challenge message is transmitted 1014 to the user equipment. Next, an EAP challenge response message is received 1016 from the user equipment that includes a second random value (e.g., STA_nonce) and an authentication value (e.g., AUTHRES). Then, the EAP challenge response message is transmitted 1018 to the WLAN termination point. Next, a master session key (MSK) is received 1020 from the WLAN termination point. Then, a pairwise master key (PMK) is derived 1022 from the MSK, and a key exchange is initiated 1024 with the user equipment based on the PMK to establish a WLAN security association with the user equipment.

FIG. 11 illustrates a schematic block diagram of a wirelesscommunication network apparatus (e.g., WLAN apparatus) 1100 according toone aspect of the disclosure. The network 1100 includes at least oneaccess point 1110 and at least one wireless termination point 1120 thatare in communication with each other. The network 1100 may include manymore access points communicatively coupled to the wireless terminationpoint 1120 and/or communicatively coupled to additional wirelesstermination points not shown in FIG. 11. The AP 1110 and WTP 1120 shownin FIG. 11 may be part of a single apparatus 1100 or each 1110, 1120 maybe separate apparatuses housed independently of one another within anwireless local area network.

The exemplary access point 1110 of the network 1100 may include at leastone or more communication interfaces 1112, one or more memory circuits1114, one or more processing circuits 1116, and/or one or more inputand/or output (I/O) devices/circuits 1118 that are each communicativelycoupled to one another. The communication interface 1112 allows theaccess point 1110 to communicate wirelessly with one or more UE/STA.Thus, the interface 1112 allows the access point 1110 to communicatewirelessly through WLAN protocols, such as 802.1x, or other protocols(Zigbee®, Bluetooth®, etc).

The access point's memory circuit 1114 may include one or more volatilememory circuits and/or non-volatile memory circuits. Thus, the memorycircuit 1114 may include DRAM, SRAM, MRAM, EEPROM, flash memory, etc.The memory circuit 1114 may store one or more cryptographic keys,variables, nonces, values, etc. The memory circuit 1114 may also storeinstructions that may be executed by the processing circuit 1116. TheI/O devices/circuits 1118 may include one or more keyboards, mice,displays, touchscreen displays, printers, fingerprint scanners, and anyother input and/or output devices.

The access point's processing circuit 1116 (e.g., processor, centralprocessing unit (CPU), application processing unit (APU), etc.) mayexecute instructions stored at the memory circuit 1114 and/orinstructions stored at another computer-readable storage medium (e.g.,hard disk drive, optical disk drive, solid-state drive, etc.)communicatively coupled to the access point 1110. The processing circuit1116 may perform any one of the steps and/or processes of the accesspoints described herein including those discussed with reference toFIGS. 1, 2, 3, 4, 5A, 5B, 6A, 6B, 7A, 7B, 7C, 8, 10A, and/or 10B.

The exemplary wireless termination point 1120 of the network 1100 may include at least one or more communication interfaces 1122, one or more memory circuits 1124, one or more processing circuits 1126, and/or one or more input and/or output (I/O) devices/circuits 1128 that are each communicatively coupled to one another. The communication interface 1122 allows the wireless termination point 1120 to communicate wirelessly with one or more WWAN nodes such as an eNB.

The wireless termination point's memory circuit 1124 may include one or more volatile memory circuits and/or non-volatile memory circuits. Thus, the memory circuit 1124 may include DRAM, SRAM, MRAM, EEPROM, flash memory, etc. The memory circuit 1124 may store one or more cryptographic keys, variables, nonces, values, etc. The memory circuit 1124 may also store instructions that may be executed by the processing circuit 1126. The I/O devices/circuits 1128 may include one or more keyboards, mice, displays, touchscreen displays, printers, fingerprint scanners, and any other input and/or output devices.

The wireless termination point's processing circuit 1126 (e.g., processor, central processing unit (CPU), application processing unit (APU), etc.) may execute instructions stored at the memory circuit 1124 and/or instructions stored at another computer-readable storage medium (e.g., hard disk drive, optical disk drive, solid-state drive, etc.) communicatively coupled to the wireless termination point 1120. The processing circuit 1126 may perform any one of the steps and/or processes of the wireless termination points described herein including those discussed with reference to FIGS. 1, 2, 3, 4, 5A, 5B, 6A, 6B, 7A, 7B, 7C, 8, 9A, and/or 9B.

The network 1100 may include a communication interface 1102 that includes, in part, the communication interfaces 1112, 1122 of the access point 1110 and the wireless termination point 1120. Similarly, the network may include a memory circuit 1104 that includes, in part, the memory circuits 1114, 1124 of the access point 1110 and the wireless termination point 1120. The network may also include a processing circuit 1106 that includes, in part, the processing circuits 1116, 1126 of the access point 1110 and the wireless termination point 1120. The processing circuit 1106 of the network 1100 is adapted to perform the steps described and shown in FIGS. 8, 9A, 9B, 10A, and/or 10B. The memory circuit 1104 of the network 1100 is adapted to store instructions that when executed by the processing circuit 1106 cause the processing circuit 1106 of the network 1100 to perform the steps described and shown in FIGS. 8, 9A, 9B, 10A, and/or 10B.

FIG. 12 illustrates a method flow diagram for secure wireless communications by a device (e.g., UE/STA). First, a cryptographic key (e.g., S-K_(WT)) is obtained 1202 from a wireless wide area network (WWAN) security context. Next, the cryptographic key is utilized 1204 as a pairwise master key (PMK) for a security association with an access point of a wireless local area network (WLAN). Then, a PMK identifier (PMKID) is generated 1206 based on the PMK, a device identifier (e.g., UE MAC address) identifying the device, and an access point identifier (e.g., AP MAC address) identifying the AP. Next, an association request is transmitted 1208 including the PMKID to the AP. Then, a key exchange (e.g., 4 way key exchange handshake) is initiated 1210 with the AP based on the PMK to establish a WLAN security association with the AP.

FIG. 13 illustrates a method flow diagram for secure wireless communications by a device (e.g., UE/STA). First, a cryptographic key (e.g., S-K_(WT)) is obtained 1302 from a wireless wide area network (WWAN) security context. Next, the cryptographic key is utilized 1304 as a pairwise master key (PMK) for a security association with an access point of a wireless local area network (WLAN). Then, a PMK identifier (PMKID) is generated 1306 based on the PMK, a device identifier (e.g., UE MAC address) identifying the device, and an access point identifier (e.g., AP MAC address) identifying the AP. Next, an association request is transmitted 1308 including the PMKID to the AP. Then, an association response is received 1310 from the AP indicating that a PMK security association (PMKSA) associated with the PMKID could not be found. Next, an EAP identity request is received 1312 from the AP. Then, an EAP identity response is transmitted 1314 in response to the EAP identity request, the EAP identity response including a device-generated first identifier based on the cryptographic key and the device identifier. Next, an EAP challenge message is received 1316 from the AP that includes a first random value. Then, a second random value and an authentication value are generated 1318, the authentication value based on the cryptographic key, the first random value, and the second random value. Next, an EAP challenge response message is transmitted 1320 to the AP that includes the authentication value and the second random value. Then, a key exchange (e.g., 4 way key exchange handshake) is initiated 1322 with the AP based on the PMK to establish a WLAN security association with the AP.
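The device-side flows of FIGS. 12 and 13, with the access point of FIGS. 10A and 10B relaying EAP to the WLAN termination point of FIGS. 9A and 9B, as an added Python simulation; it is not part of this disclosure or of any product implementing it, and the class and method names are the example's own. It assumes that SHA-256(a, b, c) denotes SHA-256 over the concatenated inputs, that STRING_0, STRING_1 and STRING_2 are constructed placeholder labels since the disclosure does not give their contents, that the PMK derived at step 1022 is the first 256 bits of the MSK (the disclosure leaves the derivation unspecified), that random values are 128 bits as in claim 6, and that the 4-way handshake itself is out of scope, so the simulation stops at the PMK the handshake would run on. The MAC addresses and key bytes are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed label strings: the disclosure names STRING_0/1/2 but does not give their contents.
STRING_0 = b"LWA-ID"
STRING_1 = b"LWA-AUTHRES"
STRING_2 = b"LWA-MSK"


def sha256_cat(*parts: bytes) -> bytes:
    # Assumed reading of the disclosure's SHA-256(a, b, c): hash of the concatenation.
    return hashlib.sha256(b"".join(parts)).digest()

def derive_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    # Claim 24: Truncate-128(HMAC-SHA-256(PMK, STRING_0 || AP identifier || device identifier)).
    return hmac.new(pmk, STRING_0 + ap_mac + sta_mac, hashlib.sha256).digest()[:16]

def derive_lwa_id(s_k_wt: bytes, ue_mac: bytes) -> bytes:
    # Claim 2: SHA-256(cryptographic key, user equipment identifier, STRING_0).
    return sha256_cat(s_k_wt, ue_mac, STRING_0)

def derive_authres(s_k_wt: bytes, as_nonce: bytes, sta_nonce: bytes) -> bytes:
    # Claim 7: SHA-256(cryptographic key, first random value, second random value, STRING_1).
    return sha256_cat(s_k_wt, as_nonce, sta_nonce, STRING_1)

def derive_msk(s_k_wt: bytes, as_nonce: bytes, sta_nonce: bytes) -> bytes:
    # Claim 8: SHA-256(cryptographic key, first random value, second random value, STRING_2).
    return sha256_cat(s_k_wt, as_nonce, sta_nonce, STRING_2)


class WTP:
    """WLAN termination point (FIGS. 9A and 9B): holds S-K_WT per LWA-ID."""
    def __init__(self):
        self.keys = {}      # LWA-ID -> S-K_WT (steps 904, 906)
        self.pending = {}   # LWA-ID -> AS_nonce of the challenge awaiting a response

    def wt_addition_request(self, s_k_wt, ue_mac):
        # Step 902: the WT addition request from the WWAN node carries the key and UE MAC.
        self.keys[derive_lwa_id(s_k_wt, ue_mac)] = s_k_wt

    def eap_identity_response(self, lwa_id):
        if lwa_id not in self.keys:            # step 910 fails: identifier unknown
            return None
        as_nonce = secrets.token_bytes(16)     # 128-bit first random value (claim 6)
        self.pending[lwa_id] = as_nonce
        return as_nonce                        # step 912: EAP challenge

    def eap_challenge_response(self, lwa_id, sta_nonce, authres):
        as_nonce = self.pending.pop(lwa_id, None)   # each challenge is answered once
        if as_nonce is None:
            return None
        expected = derive_authres(self.keys[lwa_id], as_nonce, sta_nonce)
        if not hmac.compare_digest(expected, authres):   # step 916, constant-time compare
            return None
        return derive_msk(self.keys[lwa_id], as_nonce, sta_nonce)  # steps 918, 920


class AccessPoint:
    """Access point (FIGS. 10A and 10B): PMKSA cache plus EAP relay to the WTP."""
    def __init__(self, ap_mac, wtp):
        self.mac = ap_mac
        self.wtp = wtp
        self.pmksa = {}     # PMKID -> PMK

    def associate(self, sta, pmkid):
        """Return the PMK the 4-way handshake would run on, or None on failure."""
        if pmkid in self.pmksa:
            return self.pmksa[pmkid]           # PMKSA found: straight to the handshake
        lwa_id = sta.on_eap_identity_request()                  # steps 1006, 1008
        as_nonce = self.wtp.eap_identity_response(lwa_id)       # steps 1010, 1012
        if as_nonce is None:
            return None
        sta_nonce, authres = sta.on_eap_challenge(as_nonce)     # steps 1014, 1016
        msk = self.wtp.eap_challenge_response(lwa_id, sta_nonce, authres)  # 1018, 1020
        if msk is None:
            return None
        pmk = msk[:32]      # step 1022; assumption: PMK is the first 256 bits of the MSK
        self.pmksa[pmkid] = pmk
        return pmk


class Station:
    """UE/STA (FIGS. 12 and 13)."""
    def __init__(self, mac, s_k_wt):
        self.mac = mac
        self.key = s_k_wt   # S-K_WT from the WWAN security context (steps 1202, 1302)

    def pmkid_for(self, ap_mac):
        return derive_pmkid(self.key, ap_mac, self.mac)   # steps 1206, 1306

    def on_eap_identity_request(self):
        return derive_lwa_id(self.key, self.mac)          # step 1314

    def on_eap_challenge(self, as_nonce):
        sta_nonce = secrets.token_bytes(16)               # second random value
        return sta_nonce, derive_authres(self.key, as_nonce, sta_nonce)  # 1318, 1320
```

Associating the same station twice exercises both paths: the first attempt finds no PMKSA for the PMKID and completes the EAP challenge/response through the WTP, the second finds the PMKSA the AP stored and proceeds directly to the handshake. The WTP compares AUTHRES with hmac.compare_digest and discards the pending AS_nonce after one response, so a replayed or mismatched challenge response yields no MSK instead of a second verification against the same nonce.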

FIG. 14 illustrates a schematic block diagram of a device (e.g., user equipment (UE) and station (STA)) 1400 according to one aspect of the disclosure. The device 1400 may include a plurality of wireless communication interfaces 1402, one or more memory circuits 1404, one or more input and/or output (I/O) devices/circuits 1406, and/or one or more processing circuits 1408 that may be communicatively coupled to one another. For example, the interfaces 1402, the memory circuit 1404, the I/O devices 1406, and the processing circuit 1408 may be communicatively coupled to each other through a bus 1410. The wireless communication interfaces 1402 allow the device 1400 to communicate wirelessly with the eNB 106. Thus, the interface 1402 also allows the device 1400 to communicate wirelessly to the WLAN (e.g., AP 202) through WLAN protocols, such as 802.1x, and/or other protocols such as Zigbee®, Bluetooth®, etc.

The memory circuit 1404 may include one or more volatile memory circuits and/or non-volatile memory circuits. Thus, the memory circuit 1404 may include DRAM, SRAM, MRAM, EEPROM, flash memory, etc. The memory circuit 1404 may store one or more cryptographic keys. The memory circuit 1404 may also store instructions that may be executed by the processing circuit 1408. The I/O devices/circuits 1406 may include one or more keyboards, mice, displays, touchscreen displays, printers, fingerprint scanners, and any other input and/or output devices.

The processing circuit 1408 (e.g., processor, central processing unit (CPU), application processing unit (APU), etc.) may execute instructions stored at the memory circuit 1404 and/or instructions stored at another computer-readable storage medium (e.g., hard disk drive, optical disk drive, solid-state drive, etc.) communicatively coupled to the device 1400. The processing circuit 1408 may perform any one of the steps and/or processes of the UE/STA 102 described herein including those discussed with reference to FIGS. 1-7C, 12, 13A, and/or 13B.

One or more of the components, steps, features, and/or functions illustrated in FIGS. 1, 2, 3, 4, 5A, 5B, 6A, 6B, 7A, 7B, 7C, 8, 9A, 9B, 10A, 10B, 11, 12, 13A, 13B, and/or 14 may be rearranged and/or combined into a single component, step, feature or function or embodied in several components, steps, or functions. Additional elements, components, steps, and/or functions may also be added without departing from the invention. The apparatus, devices, and/or components illustrated in FIGS. 1, 2, 3, 11, and/or 14 may be configured to perform one or more of the methods, features, or steps described in FIGS. 3, 4, 5A, 5B, 6A, 6B, 7A, 7B, 7C, 8, 9A, 9B, 10A, 10B, 12, 13A, and/or 13B. The algorithms described herein may also be efficiently implemented in software and/or embedded in hardware.

Also, it is noted that the aspects of the present disclosure may be described as a process that is depicted as a flowchart, a flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return of the function to the calling function or the main function.

Moreover, a storage medium may represent one or more devices for storing data, including read-only memory (ROM), random access memory (RAM), magnetic disk storage mediums, optical storage mediums, flash memory devices and/or other machine-readable mediums, processor-readable mediums, and/or computer-readable mediums for storing information. The terms “machine-readable medium”, “computer-readable medium”, and/or “processor-readable medium” may include, but are not limited to, non-transitory mediums such as portable or fixed storage devices, optical storage devices, and various other mediums capable of storing or containing instruction(s) and/or data. Thus, the various methods described herein may be fully or partially implemented by instructions and/or data that may be stored in a “machine-readable medium”, “computer-readable medium”, and/or “processor-readable medium” and executed by one or more processors, machines and/or devices.

Furthermore, aspects of the disclosure may be implemented by hardware, software, firmware, middleware, microcode, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks may be stored in a machine-readable medium such as a storage medium or other storage(s). A processor may perform the necessary tasks. A code segment may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements. A code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, etc.

The various illustrative logical blocks, modules, circuits, elements, and/or components described in connection with the examples disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic component, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing components, e.g., a combination of a DSP and a microprocessor, a number of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. As just one example, the processing circuits 1106, 1116, 1126 of FIG. 11 may be ASICs that are hard wired to specifically perform one or more of the steps illustrated in FIGS. 8, 9A, 9B, 10A, and/or 10B. Similarly, the processing circuit 1408 of FIG. 14 may be an ASIC that is hard wired to specifically perform one or more of the steps illustrated in FIGS. 12, 13A, and/or 13B.

The methods or algorithms described in connection with the examples disclosed herein may be embodied directly in hardware, in a software module executable by a processor, or in a combination of both, in the form of a processing unit, programming instructions, or other directions, and may be contained in a single device or distributed across multiple devices. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. A storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor.

Those of skill in the art would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the aspects disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system.

The various features of the invention described herein can be implemented in different systems without departing from the invention. It should be noted that the foregoing aspects of the disclosure are merely examples and are not to be construed as limiting the invention. The description of the aspects of the present disclosure is intended to be illustrative, and not to limit the scope of the claims. As such, the present teachings can be readily applied to other types of apparatuses and many alternatives, modifications, and variations will be apparent to those skilled in the art.

What is claimed is:
 1. A method for secure wireless communication at an apparatus associated with a network, the method comprising: receiving a wireless local area network (WLAN) termination point addition request from a wireless wide area network (WWAN) node, the WLAN termination point addition request including a cryptographic key and a user equipment identifier identifying a user equipment; generating a network-generated first identifier based on the user equipment identifier and the cryptographic key received from the WWAN node; storing the network-generated first identifier at the apparatus and associating the network-generated first identifier with the cryptographic key; receiving an extensible authentication protocol (EAP) identity response from an access point associated with the network, the EAP identity response including a user equipment-generated first identifier; determining that the user equipment-generated first identifier corresponds to the stored network-generated first identifier; generating a master session key (MSK); and transmitting an EAP success message and the MSK to the access point.
 2. The method of claim 1, wherein the network-generated first identifier and the user equipment-generated first identifier are equal to SHA-256(cryptographic key, user equipment identifier, STRING_0) where STRING_0 is an input string value.
 3. The method of claim 1, wherein the EAP identity response includes a realm value that identifies the apparatus receiving the user equipment-generated first identifier, the realm value further identifying a serving network identity of the WWAN node.
 4. The method of claim 1, further comprising: transmitting a security association confirmation message to the WWAN node indicating that a WLAN security association has been established with the user equipment.
 5. The method of claim 1, further comprising: transmitting an EAP challenge message to the access point, the EAP challenge message destined for the user equipment and including a first random value; receiving an EAP challenge response message from the access point, the EAP challenge response message originating at the user equipment and including a second random value and an authentication value; verifying the EAP challenge response message using the authentication value, the first random value, and the second random value; and generating the MSK after verifying the EAP challenge response message.
 6. The method of claim 5, wherein the first random value and the second random value are 128 bit values.
 7. The method of claim 5, wherein verifying the EAP challenge response message includes: generating an AUTHRES value at the apparatus equal to SHA-256(cryptographic key, first random value, second random value, STRING_1) where STRING_1 is an input string value; and determining that the AUTHRES value matches the authentication value received.
 8. The method of claim 5, wherein the MSK equals SHA-256(cryptographic key, first random value, second random value, STRING_2) where STRING_2 is an input string value.
 9. The method of claim 5, wherein the EAP challenge message transmitted to the access point is transmitted according to an authentication, authorization, and accounting (AAA) scheme, and the EAP challenge response message is received from the access point according to the authentication, authorization, and accounting (AAA) scheme.
 10. An apparatus comprising: a memory circuit; a communication interface adapted to communicate with a wireless wide area network (WWAN) node and an access point; and a processing circuit communicatively coupled to the memory circuit and the communication interface, the processing circuit adapted to receive a wireless local area network (WLAN) termination point addition request from the WWAN node, the WLAN termination point addition request including a cryptographic key and a user equipment identifier identifying a user equipment, generate a network-generated first identifier based on the user equipment identifier and the cryptographic key received from the WWAN node, store the network-generated first identifier at the memory circuit and associating the network-generated first identifier with the cryptographic key, receive an extensible authentication protocol (EAP) identity response from the access point, the EAP identity response including a user equipment-generated first identifier, determine that the user equipment-generated first identifier corresponds to the stored network-generated first identifier, generate a master session key (MSK), and transmit an EAP success message and the MSK to the access point.
 11. The apparatus of claim 10, wherein the network-generated first identifier and the user equipment-generated first identifier are equal to SHA-256(cryptographic key, user equipment identifier, STRING_0) where STRING_0 is an input string value.
 12. The apparatus of claim 10, wherein the EAP identity response includes a realm value that identifies the apparatus receiving the user equipment-generated first identifier, the realm value further identifying a serving network identity of the WWAN node.
 13. The apparatus of claim 10, wherein the processing circuit is further adapted to: transmit a security association confirmation message to the WWAN node indicating that a WLAN security association has been established with the user equipment.
 14. The apparatus of claim 10, wherein the processing circuit is further adapted to: transmit an EAP challenge message to the access point, the EAP challenge message destined for the user equipment and including a first random value; receive an EAP challenge response message from the access point, the EAP challenge response message originating at the user equipment and including a second random value and an authentication value; verify the EAP challenge response message using the authentication value, the first random value, and the second random value; and generate the MSK after verifying the EAP challenge response message.
 15. The apparatus of claim 14, wherein the processing circuit adapted to verify the EAP challenge response message includes the processing circuit adapted to: generate an AUTHRES value at the apparatus equal to SHA-256(cryptographic key, first random value, second random value, STRING_1) where STRING_1 is an input string value and the first random value and the second random value are 128 bit values; and determine that the AUTHRES value matches the authentication value received.
 16. The apparatus of claim 14, wherein the MSK equals SHA-256(cryptographic key, first random value, second random value, STRING_2) where STRING_2 is an input string value.
 17. The apparatus of claim 14, wherein the EAP challenge message transmitted to the access point is transmitted according to an authentication, authorization, and accounting (AAA) scheme, and the EAP challenge response message is received from the access point according to the authentication, authorization, and accounting (AAA) scheme.
 18. An apparatus comprising: means for receiving a wireless local area network (WLAN) termination point addition request from a wireless wide area network (WWAN) node, the WLAN termination point addition request including a cryptographic key and a user equipment identifier identifying a user equipment; means for generating a network-generated first identifier based on the user equipment identifier and the cryptographic key received from the WWAN node; means for storing the network-generated first identifier at the apparatus and associating the network-generated first identifier with the cryptographic key; means for receiving an extensible authentication protocol (EAP) identity response from an access point, the EAP identity response including a user equipment-generated first identifier; means for determining that the user equipment-generated first identifier corresponds to the stored network-generated first identifier; means for generating a master session key (MSK); and means for transmitting an EAP success message and the MSK to the access point.
 19. The apparatus of claim 18, further comprising: means for transmitting an EAP challenge message to the access point, the EAP challenge message destined for the user equipment and including a first random value; means for receiving an EAP challenge response message from the access point, the EAP challenge response message originating at the user equipment and including a second random value and an authentication value; means for verifying the EAP challenge response message using the authentication value, the first random value, and the second random value; and means for generating the MSK after verifying the EAP challenge response message.
 20. A non-transitory computer-readable storage medium having instructions stored thereon for secure wireless communication by an apparatus associated with a network, the instructions, which when executed by at least one processor, causes the processor to: receive a wireless local area network (WLAN) termination point addition request from a wireless wide area network (WWAN) node, the WLAN termination point addition request including a cryptographic key and a user equipment identifier identifying a user equipment; generate a network-generated first identifier based on the user equipment identifier and the cryptographic key received from the WWAN node; store the network-generated first identifier at the apparatus and associating the network-generated first identifier with the cryptographic key; receive an extensible authentication protocol (EAP) identity response from an access point associated with the network, the EAP identity response including a user equipment-generated first identifier; determine that the user equipment-generated first identifier corresponds to the stored network-generated first identifier; generate a master session key (MSK); and transmit an EAP success message and the MSK to the access point.
 21. The non-transitory computer-readable storage medium of claim 20, the instructions when executed by the processor further cause the processor to: transmit an EAP challenge message to the access point, the EAP challenge message destined for the user equipment and including a first random value; receive an EAP challenge response message from the access point, the EAP challenge response message originating at the user equipment and including a second random value and an authentication value; verify the EAP challenge response message using the authentication value, the first random value, and the second random value; and generate the MSK after verifying the EAP challenge response message.
 22. A method for secure wireless communications by a device, the method comprising: obtaining a cryptographic key from a wireless wide area network (WWAN) security context; utilizing the cryptographic key as a pairwise master key (PMK) for a security association with an access point (AP) of a wireless local area network (WLAN); generating a PMK identifier (PMKID) based on the PMK, a device identifier identifying the device, and an access point identifier identifying the access point; transmitting an association request including the PMKID to the access point; and initiating a key exchange with the access point based on the PMK to establish a WLAN security association with the access point.
 23. The method of claim 22, wherein the device identifier is a media access control (MAC) address of the device and the access point identifier is a MAC address of the access point.
 24. The method of claim 22, wherein the PMKID is generated based on an equation: PMKID=Truncate-128(HMAC-SHA-256(PMK, STRING_0 ∥ access point identifier ∥ device identifier)), where STRING_0 is an input string.
 25. The method of claim 22, wherein prior to initiating the key exchange with the access point, the method further comprising: receiving an association response from the AP indicating that a PMK security association (PMKSA) associated with the PMKID could not be found; receiving an EAP identity request from the AP; transmitting an EAP identity response in response to the EAP identity request, the EAP identity response including a device-generated first identifier based on the cryptographic key and the device identifier; receiving an EAP challenge message from the AP that includes a first random value; generating a second random value and an authentication value, the authentication value based on the cryptographic key, the first random value, and the second random value; and transmitting an EAP challenge response message to the AP that includes the authentication value and the second random value.
 26. The method of claim 25, wherein the device-generated first identifier is equal to SHA-256(cryptographic key, device identifier, STRING_0) where STRING_0 is an input string value.
 27. The method of claim 25, wherein the first random value and the second random value are 128 bit values.
 28. The method of claim 25, wherein the authentication value is equal to SHA-256(cryptographic key, first random value, second random value, STRING_0) where STRING_0 is an input string value.
 29. The method of claim 25, wherein the EAP identity response includes a realm value that identifies a WLAN termination point of the WLAN to which the device-generated first identifier is routed, the realm value further identifying a serving network identity of a WWAN node associated with the WLAN termination point.
 30. The method of claim 25, wherein the EAP challenge message is received according to an authentication, authorization, and accounting (AAA) scheme and the EAP challenge response message is transmitted according to the AAA scheme.
 31. A device for secure wireless communication comprising: a wireless communication interface; a processing circuit communicatively coupled to the wireless communication interface, the processing circuit adapted to obtain a cryptographic key from a wireless wide area network (WWAN) security context, utilize the cryptographic key as a pairwise master key (PMK) for a security association with an access point (AP) of a wireless local area network (WLAN), generate a PMK identifier (PMKID) based on the PMK, a device identifier identifying the device, and an access point identifier identifying the access point, transmit an association request including the PMKID to the access point, and initiate a key exchange with the access point based on the PMK to establish a WLAN security association with the access point.
 32. The device of claim 31, wherein the device identifier is a media access control (MAC) address of the device and the access point identifier is a MAC address of the access point.
 33. The device of claim 31, wherein the PMKID is generated based on an equation: PMKID=Truncate-128(HMAC-SHA-256(PMK, STRING_0 ∥ access point identifier ∥ device identifier)), where STRING_0 is an input string.
 34. The device of claim 31, wherein prior to initiating the key exchange with the access point, the processing circuit is further adapted to: receive an association response from the AP indicating that a PMK security association (PMKSA) associated with the PMKID could not be found; receive an EAP identity request from the AP; transmit an EAP identity response in response to the EAP identity request, the EAP identity response including a device-generated first identifier based on the cryptographic key and the device identifier; receive an EAP challenge message from the AP that includes a first random value; generate a second random value and an authentication value, the authentication value based on the cryptographic key, the first random value, and the second random value; and transmit an EAP challenge response message to the AP that includes the authentication value and the second random value.
 35. The device of claim 34, wherein the device-generated first identifier is equal to SHA-256(cryptographic key, device identifier, STRING_0) where STRING_0 is an input string value.
 36. The device of claim 34, wherein the authentication value is equal to SHA-256(cryptographic key, first random value, second random value, STRING_0) where STRING_0 is an input string value.
 37. The device of claim 34, wherein the EAP identity response includes a realm value that identifies a WLAN termination point of the WLAN to which the device-generated first identifier is routed, the realm value further identifying a serving network identity of a WWAN node associated with the WLAN termination point.
 38. The device of claim 34, wherein the EAP challenge message is received according to an authentication, authorization, and accounting (AAA) scheme and the EAP challenge response message is transmitted according to the AAA scheme.
 39. A device for secure wireless communication comprising: means for obtaining a cryptographic key from a wireless wide area network (WWAN) security context, means for utilizing the cryptographic key as a pairwise master key (PMK) for a security association with an access point (AP) of a wireless local area network (WLAN), means for generating a PMK identifier (PMKID) based on the PMK, a device identifier identifying the device, and an access point identifier identifying the access point, means for transmitting an association request including the PMKID to the access point, and means for initiating a key exchange with the access point based on the PMK to establish a WLAN security association with the access point.
 40. The device of claim 39, further comprising: means for receiving an association response from the AP indicating that a PMK security association (PMKSA) associated with the PMKID could not be found; means for receiving an EAP identity request from the AP; means for transmitting an EAP identity response in response to the EAP identity request, the EAP identity response including a device-generated first identifier based on the cryptographic key and the device identifier; means for receiving an EAP challenge message from the AP that includes a first random value; means for generating a second random value and an authentication value, the authentication value based on the cryptographic key, the first random value, and the second random value; and means for transmitting an EAP challenge response message to the AP that includes the authentication value and the second random value.
 41. A non-transitory computer-readable storage medium having instructions for secure wireless communication by a device stored thereon, the instructions, which when executed by at least one processor, causes the processor to: obtaining a cryptographic key from a wireless wide area network (WWAN) security context, utilizing the cryptographic key as a pairwise master key (PMK) for a security association with an access point (AP) of a wireless local area network (WLAN), generating a PMK identifier (PMKID) based on the PMK, a device identifier identifying the device, and an access point identifier identifying the access point, transmitting an association request including the PMKID to the access point, and initiating a key exchange with the access point based on the PMK to establish a WLAN security association with the access point.
42.The non-transitory computer-readable storage medium of claim 41, whereinthe instructions when executed by the processor further cause theprocessor to: receive an association response from the AP indicatingthat a PMK security association (PMKSA) associated with the PMKID couldnot be found; receive an EAP identity request from the AP; transmit anEAP identity response in response to the EAP identity request, the EAPidentity response including a device-generated first identifier based onthe cryptographic key and the device identifier; receive an EAPchallenge message from the AP that includes a first random value;generate a second random value and an authentication value, theauthentication value based on the cryptographic key, the first randomvalue, and the second random value; and transmit an EAP challengeresponse message to the AP that includes the authentication value andthe second random value.
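The following is an added worked example, not code from the patent, showing the PMKID derivation of claim 33 and the fallback identifier and authentication value of claims 35 and 36, together with the AP-side PMKSA lookup and challenge verification that decide between the cached-PMK path and the EAP fallback of claim 34. The value of STRING_0, the concatenation order of the SHA-256 inputs, the 16-byte meaning of Truncate-128, and the sample PMK and MAC addresses are assumptions made for the example.

```python
import hashlib
import hmac

# STRING_0 is named in claims 33, 35 and 36 but its value is not given in the
# claims; this constant is a constructed placeholder for the example.
STRING_0 = b"STRING_0-PLACEHOLDER"


def derive_pmkid(pmk: bytes, ap_id: bytes, device_id: bytes) -> bytes:
    """Claim 33: PMKID = Truncate-128(HMAC-SHA-256(PMK, STRING_0 || AP id || device id))."""
    tag = hmac.new(pmk, STRING_0 + ap_id + device_id, hashlib.sha256).digest()
    return tag[:16]  # Truncate-128 keeps the leading 128 bits (assumed)


def device_first_identifier(key: bytes, device_id: bytes) -> bytes:
    """Claim 35: SHA-256(cryptographic key, device identifier, STRING_0).
    Assumption: the comma-separated inputs are concatenated in the order written."""
    return hashlib.sha256(key + device_id + STRING_0).digest()


def auth_value(key: bytes, rand1: bytes, rand2: bytes) -> bytes:
    """Claim 36: SHA-256(cryptographic key, first random, second random, STRING_0)."""
    return hashlib.sha256(key + rand1 + rand2 + STRING_0).digest()


class AccessPoint:
    """AP side: PMKSA table keyed by PMKID, plus verification of the EAP challenge response."""

    def __init__(self, ap_id: bytes):
        self.ap_id = ap_id
        self.pmksa = {}  # PMKID -> PMK, installed from the WWAN-provided key

    def install_pmk(self, pmk: bytes, device_id: bytes) -> bytes:
        pmkid = derive_pmkid(pmk, self.ap_id, device_id)
        self.pmksa[pmkid] = pmk
        return pmkid

    def lookup_pmksa(self, pmkid: bytes) -> bool:
        # False means the PMKSA "could not be found" and the EAP fallback of claim 34 runs
        return pmkid in self.pmksa

    def verify_challenge(self, pmk: bytes, rand1: bytes, rand2: bytes, received: bytes) -> bool:
        # Constant-time comparison so a mismatching response leaks no timing information
        return hmac.compare_digest(auth_value(pmk, rand1, rand2), received)


# Constructed sample values (not from the page): a 256-bit PMK and two 48-bit MAC addresses
PMK = hashlib.sha256(b"constructed WWAN-derived key").digest()
DEVICE_MAC = bytes.fromhex("02005e000001")
AP_MAC = bytes.fromhex("02005e000002")
```

Because the PMKID binds the AP identifier, the same PMK presented to a different AP yields a different PMKID, so the lookup fails and the EAP fallback is taken rather than a wrong PMKSA being reused.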